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TECHNICAL FIELD OF THE INVENTION 

[0001] This invention is related in general to information transmission systems and, more particularly, 
to an information transmission system that is operable to be stored at a remote location as a secure file 
in a trusted environment. 

CROSS-REFERENCE TO RELATED APPLICATIONS 

[0002] This application claims the benefit of Provisional Patent Application No. 60/414,449, filed on 
September 30, 2002. 



Atty. Dkt. No. MPOR-o26,492 



3 



BACKGROUND OF THE INVENTION 

,0003) With the popularity of wireless "digital" eomputing devices, such as, Personal Digital 
Assistants (PDA's) cell phooes, cameras, video, audio recorders and other digital recorders, users have 
been afforded the ability to record and transmit digital media within seconds. 

,0004) With the advent of digital media, it has become increasingly easy to copy, counterfeit, falsify 
and misuse digital Monition of all kinds. This includes digital photographs, video & audio recordmgs 
of speech or musical performances, motion pictures and recordings of physical phenomena, such as 
meter readings or "black box" records. This digital media can be altered in ways that defy detection, 
audiorecordingscanbeeompressedandanonymouslyofferedtothe public with impunity, and tune and 
date stamps on any of the media just listed can be easily changed with freely available tools. 

,00051 Ananendantproblemis.hatofsecurestorage.Whileaflashmemorycardwimin,hesedigi K l 
receding devices (in any of its currentiy popular forms) can hold hundreds of pictures, images, v,deo 
and audio, the problem with securely storing, indexing and retrieving thousands of media tiles has «U 
no. been solved. When the works of intellectual property (music, software, images and movres, to name 
a few) are much more valuable than the equipment on which they resrde, the temptation for theft and 
alteration becomes great. 

[0006] Furthermore, mis invention provides for the secure non-repudiation by embedding Certificate 
Authorities non-repudiation Digital Certificates of said digital files for forensic or other evidenhary 
purposes that are sent and received across said transmission networks. 

This works for any kind of media file - photographs, images, music, audio spoken word, video, phystcal 
phenomena - anything. Obvions applications mnge from taking a pho.ograph, video chp to "black 
boxes" embedded in transportation facilities. Following an incident, information could be transmuted 
using the above schemes to a storage facility. Only authorized personnel eould men retrieve the 
encrypted messages and return the data to clear text form. 
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SUMMARY OF THE INVENTION 

[0007] The present invention disclosed and claimed herein, in one aspect thereof, comprises an 
apparatus for recording image or other data in real time. The apparatus includes a capture device for 
capturing the image or other information. Once captured, a local verification device is operable to 
indelibly mark the captured image or other information with the date, time, location and informal 
identifying the creator of the data. A transmitter is provided for transmitting the locally verified 
captured image or other information in real time to a secure storage facility. The capture dev 1C e is 
operable, after the locally verified captured image or other information is transmitted to the secure 
storage facility, to receive and verify acknowledgment of the receipt of the transmitted locally verified 
captured image or other information to the storage facility. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

M For a more compete understanding of the presen, invention and the advantages thereof, 
ref erenee is now ntade ,0 the Mowing deseription taken in eonjunction with the accompanytng 

Drawings in which: ^aa- 
100.91 Fig. 1 innstratesaMockdiagramoftheoveraUoperationofUtesystemtnaceordaneewnhthe 

present disclosure; 

10010] Fig. 2 illustrates a diagrammatie view of the eaptured and encrypted ftle; 

,00111 Fig 3 illustrates a flow char, depicting the overall operation of the capture operatton; 

[0012] Fig. 4 illustrates a flow char, depicting ,he operation of the request operation for the star, 

certificate; . rP Q. 

,00131 Fig. 5 illumes a flow clw, depicting the operation of requesting informatton from the GPS, 

Jm4, Fig. 6 illustrates a flow char, depicting .he operation of embedding information into the 
captured file; 

[0015] Fig. 7 illustrates a flow ehart depicting the operation of requesting the stop certificate, 
[0016] Fig. 8 illustrates a flow chart depicting the encryption algorithm operation 
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DETAILED DESCRIPTION OF THE INVENTION 



,0017) Referring now to Fig. 1, there is illustrated a block diagram of to overall operation of ft. 
svs.cn in accordance with the present disclosure. The system generally is directed toward a capture 
device 102 that is operable ,0 capture, in this embodiment, an image of an individual; for example, the 
individual denoted by me reference numeral 104. This can be any We of scene or any type of 
information mat is captured. This could be a v,deo segment, a still picture or an audio segment. I. 
should be understood that the capture device 104 could capture any type of information, no, just v,deo 
information, As will be described herein below,, he purpose of the system of the present disclosure w,.l 
be ,o no. on.y capture information bu, .o s.ore .he information in a secure and certifiable manner such 
.ha. i, is non-repudiatable. The capture device is controlled by a user through an inpm/outpu, (I/O) 
interface 106. The imagel04, in this example, will be captured in the form of a capture file 108 stored 
in a storage area 1.0, this being a buffer a re a. The capture device 102 could be a cell phone mat has a 
video camera associated therewith, any type of device having a digital camera associated .herewnh, an 
audio system for capturing an audio file, etc. The phone, in one examp.e, can capture and drgmze the 
image, or even a video segment. 

,00181 Once the captured image 1 08 is formed and temporarily stored, i, then goes to the next step of 

Local certification, in tins example, is some certification to. is viewed as providing informahonm such 
a mam.e, that there is a high level of confidence in that information which is to be associated w,,h the 
.rnage as an integral part .hereof and will, as described herein below, follow the image. For example, 
fteinfonnationthatisobtainedwi.^^^^^ 

that is received from a GPS system (global positioning system), a conventional system. The tune 
information, Ute date information and the longitude and latitude information are provided « such a 
manner that, when associated with me eap.ure file 108, this provides some current validahon tha, the 
fflewascreatedatthatpaxticn,^^ 

information associated therewith. For example, a user could make a log, either printed or electron, of 
the image captured and, at a later time, by merely knowing what the time and data information was and 
the longitude and latitude information was, this would provide a higher degree of confidence that the 
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been reproduced at a later time and location. 

[00) 91 In order to provide this verification, the trusted entity is the GPS system, since this is a system 
,ha. provides a time stamp and a longitude and latitude from the calibrated system. If thts ,s 
implemented in such a manner that it is an integral par. of me capture operation, i.e., it is integrated mto 
the phone, for example, thenahigh degree of confidence is maintained that mis was obtained bastcal.y 
a, the time the capture was complete. The OPS system, as noted herein above, is a conventional system 
that utilizes a GPS receiver . 14 drat has an antenna 1 16 mat is operable to receive informauon from a 
plurality of satellites 118. Typically, there can be anywhere from three to ten or more satelhtes from 
which information can be received to obtain an accurate location. Alternate techniques for recovenng 
time date and position information includes differential and Doppler analysis of very precise ttmtng 
signalscommgfromaplmalityofcellul^ 
andpositionimormarionbcludesr^^ 

sub layer of the cellular protocol, where the mobile telephone service provider is a party to the 
transactions. Finally, another technique of retrieving accorate time and date information include use of 
a network time server. 

10020] The result of the local certification is a locally certified captured image 1 20 which is illustrated 
with the image and a time stamp, 'TV disposed on the edge thereof, this loeation by way of example 
only as other methods of disposing this information are described herein below. This "TS» mdtcates 
that there is some information mat is "embedded" into the captured file or captured image that ts now 
par, of the file. For example, as will be described in more detail herein below, there is a science of 
embedding information referred ,0 as "Steganography" that allows information to he embedded m some 
expression of intellectual property (a photograph, a musical recording, or other expression,) such mat 
(a) the information is hidden from casual observers and (b) the information is not easily altered or 
destroyed One such type is a "water mark" that basically is disposed in the background of a document, 
for example. In images, there are encoding techniques such as«glifs" that can be disposed in the tmage 
which isanopucaltypeencodingthatappearsasarandom background to a viewer, but actually contatns 
digitized information. The result is that the document, file image, etc., is indelibly marked with the date, 
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the time and , he ,oca,ion, in addition to associating .herewith information abouUhe user indreformof 
a nser ID whieh is provided in a nser ID bloek 122. The local certification block 112, therefore, » 

information into the single documen, .20. At this point, the document 120 is still a "clear" document 
such tha, it can be viewed by any individual. The image 1 20 is stored in a temporary image buffer 121 . 

,00211 After the documen. 120 has been created wi«h .he local certification, fine system then 
compresses .he file using any of a number of well-known methods. In the case of an image, »e 
c„mpress,on technique may be a lossy algorithm such as JPEG or (in ,he case of mofion p.ctures) 
MPEG, or for a dam set, .he compression technique may be a loss.ess method such as 
Lempel-Ziv-Welch. 

,0022, After compression, the file 120 is processed through an encryption operation wherein .he file 
is firs, encrypted in accordance with predetermined encryption algorithms, this being performed m . 
block ,24. The encryption, as will be described herein below, is a double encryption operation winch 
wraps .he loca, certified captured file with a firs, level of encryption 126 and a second level of 
encryptioni28.oprovideanencryp.cddocumen.130. This is tiren stored in a, empora^- storage buffer 
1 32 The file 1 30 is then subjected to a non-repudiation certification process to acquire a Certificate of 
Au , h e„,ici,y(CA)fromacert.ficationau^ 

party that can "diguany sign" a file, image, etc. and provide a ,eve, of authenticity » tha, file. T ts ts 
c„„ven,iona„echno,ogy.Thedocnmen„30,ini,sencryp,edform,isco„verted,oa»hash"fi,eand,h,s 

hash file, which is a representation of the encrypted file, is sen, to tire certification au«hori,y 13 5 v,a a 
.ransmhter and antenna ,36 aiong a wire,ess path, and rece.ved by an antenna , 37 a, the certification 
authority ,35 location. Again, this is a wireiess operation. The hash file is then signed and a 
combination hash file and certificate of authenticity is then sen, back ,0 the antenna 136 which ,s then 
stored in a temporary memory ,33 as a certified document. This is Mustrated with the attached 
certification authority certificate ,39. This ,s , he file tha, is sent ,o tire secure s,orage faei,i V , tins bemg 

a file 130". 

,00231 After encryption, certification by the CA and compression, the encryp.ed file is «hen passed ,o 
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US having a receiving antenna 140 associated therewith. The secnre storage fariltty 138 ,s a 
r eposi«ory In one embodiment, this repository 138 does nothing more than to store the image 130 m 
a ,arge database 142 for access a. a later time. Additionally, the secnre storage facility 138 conld be a 

secnre storage facility 138 con.d merely be a place to store the information with secure measures as to 

no, be able to decrypt me image 130 and would merely be able to transfer the image ,0 the mdrvrdual 
or entity authorized to access that information. 

,0024, For access, a remote access site ,44 is operable to send requests to the secure storage facility 
,38 identify themselves with the appropriate passwords to comply wim the security procedures of the 

inamemory .46 and decrypted with a decryption algorithm inablockHS for stomge of ,he decrypte 
ffle ,20 in a storage space 150. This can then be extracted by a user for whatever purpose. In general, 
al.of.heencrypt.onensuresmat.herehasbeenno'Wring-wim.hemebeforeitisdecrypted.Once 

decryp«ed,.hente.imeda.es.am P andl^ 

some local indeuble certification that verifies the captured file as being authentic and whrch was 
embedded at the time of creation. 

,00251 Referring now ,o Fig. 2, there is illustrated a diagrammatic view of the captured and encrypted 
ffle .30 which, as noted herein above, is comprised of the locally certified captured ffle .20 wrapped 
by the firs, layer of encryption .26 and the second layer of encryption ,28. As win be described herem 
below.thefirstlaycrof encryption is a symmetrical encryption algonmm and the second layerMtsan 
asymmetrica! encryption layer 128. The symmetrical encryption layer is something that can be 
unwrapped mere.y by having access ,0 various public keys. Tb.s is a fairly conventional PKI system. 
The second layer of encryption, the asymmetrical encryption layer, is a layer that requires a pnvate key 
in order to extract this layer. Therefore, in order to gain access to the file a. the second layer of 
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encryption, the individualmus.haveme private key to unwrap the firstlayer and the other key to unwrap 
the second layer. Again, this will be described in more detail herein below. 

,0026] Referring now to Fig. 3, there is illustrated a flow chart depicting the overall operation of the 
capture operation, which is initiated at a start block 302 and then proceeds ,0 a function block 304 » 
ordertoallowtheuserto activate the capture device 102. The user activates the capture dev.ce 102 and 
ten a capture operation is initiated at a block 306. Upon initiation of a capture, there ,s, tn one 
embodiment, a "start" request sen. out to the certification authority 1 35. The certification authonty 135 
receives the request generated at the block 308 for a certification certificate as to the "start" infotrnahon 
that was sen, to it. This can merely be me text "start" that is certified. This is sen, back ,0 ,he sys,em 
during me capture operation. A dectsion block 310 indicates that this operation which will war. for the 
receipt of the certificate. However, during the time that this certificate is being generated, the capture 
is continuing. Once the program, after the shut request is generated, men flows to a decision block 3 1 0 
towaitforthecompletionofthecaptureopemtion. As soonasthis is complete, the program flows along 
a "Y" path to a function block 3 12 in order to request the time, date, longitude, latitude informafon and 
(hen embed this information along with user information, as indicated by a function block 314. Tins ts 
embedded into me captured file as described herein above. The program then flows to a function block 
316 in order to request a "stop" certificate from the certification authority .35. In Otis operarion, me 
certificate is requested prior to encryption such tha. the "clear" file can be certified prior to encryption 
withthecertificate 139. However, the file could be encrypted firs, and then certified. The program then 
flows ,0 an encryption block 3 1 8 .0 encrypt tire file and men to a function block 320 to compress me file. 
This compressed file is .hen transmitted to .he repository, as indicated by a function block 322 and then 
the program proceeds to an End block 324. 

,0027] Referring now to Fig. 4, .here is illustrated a flow chart depicting the operation of the request 
operation for the start certificate, as initiated a, a block 402. The program then proceeds to dec.ston 
block 404 in order ,0 initiate the capture operation. When the capture operation is initiated, me program 
flows along a » Y" path to a function block 406 ,0 send the "start" text ,o the certification authortty 135. 
Of course this could be a "hash" of a certain initial part of the capture file, bu, just the text would be 
sufficient. The program then flows to a decision block 410 to determine if the certificate has been 
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received for this "start" text and, when it has been received, the program will flow along the "Y" path 
,„ a function block 41 2 to store this received certificate in association with the captnred file. Of course, 
this may not be disposed in association therewith until the capture is complete. Additionally, although 
not illustrated in this flow char,, the start time could also have time and date information as well as 
longitude and latitude information associated therewith such that mere would be local certificatton of 
both the start time and the stop time which is received from a trusted authority, i.e., the OPS system. 
Once mis information is detennined as stored in association with the captured file, the program flows 
,„ a return block 4,4. Again, this information may merely be stored in a temporary buffer until the 
capture is complete. 

[0028] Referring now ,0 Fig. 5, mere is illustrated a flow char, depicting ,he operation of requesting 
information ftom the GPS, which is initiated a. a block 502. The program then flows to a function block 
504 in order to access me GPS system. This, again, is a conventional operation which will ob,a,n born 
accurate timemformauonandlocationi^^^ 

block 506. The program men stores this information and flows back to a Return block 508. 

,00291 Referring now ,0 Fig. 6, there is illustrated a flow char, depicting the operation of embedding 
information into the captured file, which is initiated a, a block 602. The program then flows to a 
taction block 604 to initiate a s.eganography algorithm. The steganography operation ts operable ,0 
permanently modify the captured file with the time/date intonation and longitude and latitude 
information as well as user ID information, this indicated a, a function block 606. The program ,hen 
flows to a function block 608 to store a modified captured file with this local certification informauon 
embedded therein. Again, this local certification information provides some level of authentic* to a 
"clear" file. The program then flows to a Return block 610. 

[0030] Refetting now to Fig. 7, them is illustrated a function block or a flow char, depicting the 
operation of requesting me s,o P certificate, which is initiated a, a s,art block 702 and then proceeds to 
a function block 704 ,0 create me "hash" file of a modified capture file. This hash file is men sen, ,0 
the certification authority B5,asmd,catedbyafunc<io„block706. The program thenflows to decston 
block 708 to wait for the receipt of the certificate and, once received, flows to a function block 710 to 
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basically sign .ha modified capture file and associate with the meOified capture file a certificate of 

does no. have » be rransmhtedto the certification authority 135. The reasonfor this is that one would 
, te to prevent the transmission over any wireless link of "clear" information. As such, the hash file has 

the original file from which i, was generated, since the algorithm for generating a hash file wrl. clearly 
identify the two. As such, the certificate generated by the certification authority 135 is suff.cent ,„ 
ensure that a ousted au,hori V has in fact verified the authenticity of me file, this indicated by a fitncon 
block 712 wherein the captured file is signed and then the program flows to a Return block 716. 

[00311 Referring now to Fig. 8, mere is illustrated a flow char, depicting the eneryptton algorithm 
operation, which is initiated at a block 802 and then proceeds to a Amotion block 804. Th,s ts the 
operation wherein symmetrical encryption is utilized with a "pub.ic and private key system " The 
symmetrica, encryption is an operation in which a plaintext message is transformed by a well-known 
algorithm operating under control of a key. The key is a short (less than .000 bits, usually) data string 
ft* insects the encryption algorithm how to transform the plaintext into an unreadable form called 

the plaintext is used to decrypt the cyphertext, resulting in a plaintext file once agam. 

,0032) After encryption in the "first layer," the program men flows to function block 806 to create the 
firs, cyphertex, file. This firs, cyphertext file is then processed with an asymmetrical encryptton 
algorithm, as indicated by a function block 808 ,o further encryp, or protect the captured file. The 
second general type of cryptosystem is asymmetrica. encryption This encryption scheme uses 
mathematical functions called one-way or trapdoor functions ma, are easy to perform but extremely 
difficult to reverse. Examples of these one-way functions are factoring large composite numbers (two 
,arge numbers are easy ,o multiply, bu, finding the two large numbers given the product alone ,s 
difficult) and me discrete logarithm problem (raising a number ,0 a power modulo some value ,s easy, 
but findingthe number given me result is difficult.) In an asymmetrical cryptosystem, one key (referred 
,„ as the pubtic key) is used ,0 encryp, the plamtex, and a second, rela,ed key (called the private key) ,s 
used to decrypt the ciphertex,. In a public-key encryption scheme, ft is common to publish the pubhc 
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c „nH „ secure message but only the holder of the private key can decrypt 
key. In this way, anyone can send a secure message, uui y 

the message and reveal the plaintext. 

,0033] Asymmetrical cryp.osys.ems have another use as welk by e„cryp.io g a file under his or her 

using .he associated public key, then nobody but the holder of the private key conld have created 
message. This leads to properties fav„rab,e .o the present invention; proof of ownership and 

then proceeds to a Return block 812. 

,00341 To illustrate how d* system of the prescn. disclosure opera.es, one example of an app.ication 
of the capture device 1 02- a wireless digital camera - will be described. 

,0035. The user takes a picture, video, audio, or acquires any other data set, or any combination of 
these. The apparatus then sends a request ro a certificate authority to obtain a certification of.be time 
and date of the recording. This certificate, as well as time, da,e and location information obtatned ftom 

u^uc to tire wire.ess digital video camera, is s.eganographical.y encoded onto tire image and/or audto 



files. 



,0036] The image is now marked, bu, i. is stil. "in the clear." Tha. is, anyone who gains access .o the 
ima ge file will be able .0 reproduce tire image. It must now he secured so tha, unauthorized parries 
cannot view the image. 

,0037, Aftercomp re ssion,*e„ex.s,epis t oenc^ P .thcf,leinsnchawayti,a«ti,ef,lecann„«heuscd 
without access to a secret key. 

,0038, Once.heimagcftlehasbeenindeliblynrarkedandcompressed.anditisabouttobeencryp.cd 
using a symmenica, ctyp.osys,m, a deciston must be made as to what key to use There are several 
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me ,hods of establishing a key. The firs, is ,0 have a single, fixed key assigned ,o .he wireless digital 
recorder (i.e. camera) a, the factory. The problem with this method is that if this key becomes 
eompromised, .hen all images taken by .he wireless digital recorder (i.e. camera) are compromtsed. A 
second method is to create a new, random key each time a photograph is taken, and store me .able of 
keys in .he wireless digital recorder (i.e. camera) for subsequent download. This, although feas.ble, may 
teundesimbleforthesamereasonthatstoringmeimagesthemselvesinthewirelessdigitalrecorderO,. 

camera) is undesirable: memory in the wire.ess digital recorder (i.e. camera) is fragile, and tf me keys 
are lost, the images are useless. 

,00391 Instead, a preferred method of key management is used. In this scheme, the serial number of 
the wi re lessdigi«a.rec„rder(i.e.camera)and other pertinent information that can be recovered wUhou, 
recovering the file (like the filename, the time ard date, etc.) are securely hashed. Hashing refers .0 . 

the ,e«ersmadocume„.anumber(A=l,B=2, etc.), add those numbers, ogether modulo 26, one would 
come up withasingle number between 0 and 25. If any letter in me document changed, the result ofthe 
function wouldchange as well, and thus eould be used as an indication that the document had changed. 

In a way the short dataset (the modulo sum) would stand in for the larger dataset (the document). Note 
.hattheshortda^setcannotbeused.oreproduccthcdocument.buttha.changingmedocumen.tnaway 

that doesn't affect the modulo sum is difficult. 

,0040] Hashing works in just this way, but with much large, numbers. In the disclosed system, the 
serial number is hashed with other information to create a key. If the key is compromised (by techmca. 
„, legal means) men no other photograph taken by the wireless digital recorder (i.e. camera) ,s 
compromised. Itis impossible - no, jus, difficul.-.o go from the hashed keyto the source matenal.m 
the same way it is impossible to deduce this document from one modulo sum character. 

(0041, Now me file is encrypted, and only the holder of the secret key can unlock the file. Two more 
steps remain before the file is transmitted to the secure storage facility. Firs,, the e„,ire encrypted file 
is passed through a message authentication algorithm, which produces a hash (similar to the way the 
symmetrica, encryption key was calculated, above) over the whole file. In mis way, if any byte of the 
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m essage file is corrupted in transmission, i, will be discovered. The file is then encrypted using an 
asymmetrical cryp.osystem under the user's private key, effectively signing the frle. 

,0042, Finally, identifying information is added to the (now doubly) encrypted file, and fine file is 
encrypted again - this time, under fine storage facility's public key. Now, observe the properties of the 
file thus created: 

The file is secure. Nobody but the storage facility can open the outer wrapper. 
. The file is anonymous to casual observers. There is no identifying information outside of the 

outer wrapper. 

. The file is signed. The storage facility can open the outer wrapper and discover an tdentifier of 
the party who claims to have created the file. 

. Thesigna«ureisirrefh,ableandcam,o.berepudiated.Thes,o ra gefaci.i«ycanlooku P «hepubhc 
key ofthe party claiming to be. he author of me file, and can atiemptto open, he middle wrapper, lns.de, 
(heywillfindanencryp.edfileandahashofthefde.Ifmecalcn.a^hashma.ehestihegivenhash.men 

the photograph without question belongs to that party. 

. Evena ft er.wo™ppershavebeenremoved,,hepianreiss.illsecre,.Thes«oragefacili V keeps 
only encrypted files. They have no means of removing the final wrapper. 

,00431 Shou.ditbecomeneces S ary.oprovemeau,he„tic^of,hepho,ograph,.hes,oragefacili«yl38 
can testify to all the above facts. Addition*, the originator ofthe photograph is the only one who can 
unlock the inner wrapper and produce the photograph. Finally, .he photograph itself ts 
s.ega„„graphically marked, and .his final information ts clinching proof that .he provenance of the 
photograph is accurate. 

,0044] To return .0 .he example wherein the picture is ready for transmission at .his point, the wireless 
digital recorder (i.e. camera) attempts to connect to Ute server at the secure storage facility ,38 or other 
recipients who have access the network (i.e. PDA's, other wireless digital devices) using any of a 
„ u mberofwel.-knownwi re lessmemods.Amongtheseareda K ehanne,sassocia«edwi.h,S-95CDMA, 

lS-136TDMA,CDPD,GSMas W e,laspurelyda.apams S uehas802.11b.Thee X ae.mechan.smofdata 

transmission is not germane. 
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,0045) However the data is transmitted, the storage facility 1 38 receives the triply-encrypted data file 
and performs the following steps: 

. Removetheouterwrapperattdexttaetanencryptedfileandplain-textsubscriberidenttficatron. 

Look up the subscriber information and recover his/her public key. 
. Remove Ore middle wrapper using the public key to reveal an encrypted file and a hash value. 
. Pass the encrypted file through a message digest algorithm to produce a computed hash. 
. Jftecompu.edhashdoesno.matchmereceivedhash.sendancgativeacknowledgcandd.scard 

the file; otherwise... 

. Calculate a message digest of (1) me received hash, (2) the time and date, and (3) a random 

T^feturn an affinmuive acknowledgment 
in (6), above. 

. Store the encrypted photograph along with the received rime and date and the random number 
produccdi„(6).Inthisway,if.hecertifica,eiseverchallenged,,hes.oragef»ci.i.ywillbeab,e.ovenfy 

that it sent the certificate. 

,0046] The user can also transmit these files over various networks to other recipients (PDA's, cell 
cameraphones,»lPAddresses,E-mai,.ona m eafew)formeirreviewa„ds«orage.Howeverme users- 
unique identity and other certificates described in this document are embedded within the frle(s). 
The wireless digital recorder (i.e. camera), upon receipt ofthe certificate, transmits an acknowledgment 
and removes the photograph from its temporary store. The certificate can be stored or discarded -Us 
no, required ,o retrieve the photograph. If stored, it becomes further evidence of the provenance of the 
photograph. 

,0047] Image retrieval from .he storage facility 138 is simple. At login, the storage facility presents 
a random string encrypted under the user's public key. The user must decrypt the string and re-encrypt 
i, under the storage facility's public key. Only the holder of the secret key can do «hi,..and r. proves 
beyond doubt to the storage facility that they are communicating w„h the owner of the photograph. 
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. • th, „ser can download any file from the storage facility. Once 

10048] Once identity is established, the user can oownioau , 

downloaded, the nser can open the final wrapper and extract the image. 

,0049) Again.misworksforanykindofmediaft.e-pho.o^phs.images.music.audiospokenwo.d 
L, physical phenomena - anything. An ohvions application would be in "Mac, boxes" embedded 
in asportation facilities. Following an accident, information could be transmitted using the above 

return the data to cleartext form. 

,0050] Some of the features provided by the system of the present disclosure are as follow: 

. Anapparatusforthepurposeofrecordingimageotothcrdatainrealtime^ndeliblymarkmgthe 

datawuhmedate.time.locauonandinfo^^ 

from the storage facility. The apparatus consists of an image-recording device or other data recording 
device, a geographical position and rime-of-day determination device, a data processing unit and a 

communication device. 

Additionally the image-recording device is a digital camera. 
Additionally the image-recording device is a video camera. 
Additionally where the digital image capture device is an image scanner. 
Additionally the digital image capture device is a facsimile machine. 
Additionally the data-recording device is a digital voice recorder. 
Additionally the data-recording device is a real-time data acquisition system. 
Additionally the geograplncal position and time-of-day determination device is a GPS recewer. 
Additionally the data processing unit is a microcontroller. 
Additionally the data processing unit is a field-programmable gate array. 
Additionally the data processing unit is an application-specific integrated circuit. 
Additionally the communication device is a cellular telephone chipset. 
. Ame thod 1S alsopro^^^ 

imag es, sounds, or other data with the date, time, location, authentication certificate, and informal 
identifying the creator of the data. 
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a certificate authority by means of the communication device. 

. ^ method further includes the step in which the method of indelibly marking .mages ,s 

T^Tmethod further includes the step in which the method of indelibly marking sounds is 

watermarking. 1 . , . 

. A „o te memodisprov,ded„fe„c W tingima g esando.herda te suehd,a,u„auutonzedpar,,e 

cannotrenderthe images and other data in usable form; the images and other datacanno.be repudiated 

by me creator; and that date, time, location and creator metadata ear, be verified by third parties. 

. The method further includes the step in which the image or other data is firs, compressed usntg 

a well-known compression algorithm, producing a compressed image or other data. 

. The method further includes the step in whieh the eontpression algortthm ,s the 

Lempel-Ziv-Welch algorithm. 

. The method further includes .he step in which the compression algorithm ts the MPEG 

^"'uemethod further inefudesthesfep in which the eompressed image or other data is encrypted 
under a symmetrical, single-key cryptosystem. 

. The method further includes the step in which the cryptosystem is DES. 

. The method further includes the step in which the cryptosystem is IDEA. 

. The method further includes the step in which me ctyp.osys.em is Triple-DES. 

. The method further includes the step in which the cryptosystem is AES. 

. Tbe method further includes the step in which the image or other dam, having been encrypted 

under the symmetrical cryptosystem, is then applied to a message digest algortthm. 

. The method further includes the step in which the output data of the message diges. algortthm 

are then appended to the symmetrically encrypted data. 

. The method further includes the step in which the message diges. algorithm is the Secure Hash 

* l80 "te method further tncludes the step in which the image or other data, having been 
symmetrically encrypted and having a message digest appended is then further encrypted using an 
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asymmetrical (public-key) algorithm. 

. The method further includes the step in which the image or other data is encrypted usmg the 
creator's private key. 

. The method further includes the step in which the asymmetrical algorithm is the RS A algonthm. 
. The method further includes the step in which the image or other data, having been encrypted 
under the symmetrica. a.gori,hnt and the asymmetrical algorithm, is then augmented with persona! 
identifying information belonging to the creator of the data. 

. The method further includes the step in which the personal identifying information ,s a senal 
number. 

. The method further includes the step in which the image or other data, having been encrypted 
and wnh said persona! identifying information appended is then further encrypted using a publtc-key 
encryption algorithm. 

. A storage facility operation is also provided for the purpose of receiving and stormg images, 
audio and other data from a multiplicity of information sources. 
. Themethodfurtherin^ 
belonging to the storage facility. 

. The method further includes the step in which the public-key encryption algonthm is the RSA 
algorithm. 

. The method further includes the step in which .he image or other data encrypted accordmg to 
the method of above under the public key belonging to the storage fecility is then transmitted to the 
storage facility using a transmission medium. 

. The method farther includes the step in which the transmission medium is cellular digital packet 
The method further includes the step in which the transmission medium is a CDMA data 



data. 



channel 



The method further includes the step wherein the storage facility verifies the origin of 
information received that has been transmitted according to the above methods. 
. The method further includes the step in which the information received is decrypted under the 
private key belonging to the storage facility. 
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. Ttamahodfurtherindudeste^ 
data set and identifying information. 

. The method further includes the step in which .he identifying information is used as an mdex 
into a database that contains the pubfic encryption keys of all parries anted to store informal ,n 
the storage facility. 

. The method further includes the step in which the identifying information is used to locate a 
unique pubfic key contained in the data base of and belonging to the purported originator of the data. 
. The method further includes the step in which the key obtained by the above methods ,s used 
to decrypt the encrypted data set of, creating a decrypted data set. 

. The method further includes the step in which the decrypted dam set consists of a symmetncally 
encrypted data set and a received message digest. 

. The method further includes the step in which the symmetrically encrypted data set is presented 
to a message digest algorithm to produce a computed message digest. 

. The method further includes the step in which the received message digest is compared to the 
computed message digest. 

. The method further includes the step in which verification of the message is detemuned ,0 be 
successful if the received message digest and the computed message digest are identical. 
. The method further includes the step of transmitting an acknowledgment of rccerp. to the 
originator of the image or other data. 

. The method further includes the step in which the acknowledgment of receipt cons.sts of the 
received message digest encrypted under the private key of me storage facility and. he public key of the 

originator. 

. The method further includes the step in which the certificate authority is a pubhc certtficate 

authority. . 

. The method further includes the step in which the certificate authoriry is a prrvate certtficate 

authority. 

. The method further includes .he step in which the certificate authority is a government agency. 
. The method further includes the step in which the time, date and location information is obtamed 
from the GPS receiver. 

. The method further includes the step in which .he time, date and location information ,s denved 
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from signaling obtained from the cellular telephone chipset . 

directly from information contained in Are MM layer of me mobile telephone service provrder. 

. The method tether inclndes the step in which the time and date information is derived from a 

network time server. 

. The method further includes me step where the secure server or image data reposrtory ts Data 
B&se server 

. The method further includes the step where .he secure server or image data repository is Web 



server. 



server, 



server 



The method further includes the step where the secure server or image data repository is e-mail 

The method further includes the step where the secure server or image data repository is FTP 

. The method further includes the step for securely retrieving data stored at the storage facility. 
. The method further includes .he step in which the method is a challenge-response mechanrsm. 
. The method further includes the step in which the request includes the identity of .he requestor 
and the identity of the data set to be retrieved. 

. Themedrodftetherincludesthestepinwhrchthestoragefacilitycrea.esarandornbifs.reamas 

a challenge. f 
. The method further includes the step in which the storage facility determines the pubhc key 

the requestor by means of looking up the public key in the database. 

. ThemeAodfurtherincludesmestepinwhichmestoragefacilrtyencryptsfhcrandombrtstrc™ 
with the public key belonging to the requestor. 

bit stream to the requestor. 

. Th e m ed,odfurtherincludes.hes.epinwhich.hereques.ordecryp.sthera„dombi.streamus.ng 

the private key corresponding to the public key under which the bit stream was encrypted. 

. The method further includes .he step in which the recovered random bit stream .s .hen 

re-encrypted in the public key belonging to the storage facility. 

. The method further includes the step in which the re-encrypted random bi, stream is transmrtted 
Atty. Dkt. No. MPOR-o26,492 



22 



back to the storage facility. 

. The method further includes the step in which the storage facility then decrypts the random bt, 
stream using its private key. 

. The method further includes the step in which the storage facility determines whether the 
requests authentic by comparing the random bitstream recovered from the response of the requestor 
and the random bit stream . 

. The method further includes the step in which the storage facility transmits the requested data 

set only if the random bit streams match. 

The method further includes the step in which the method is biometric. 
. The method further includes the step in which the storage facility sends a zero knowledge 
challenge to the requestor. 

. The method further includes the step in which the requestor performs a biometric measurement 
to determine the response to the zero-knowledge challenge. 

. The method further includes the step in which the requestor returns the requested data set only 
if some number of challenges is answered correctly. 

. The method further includes the step in which the method is by means of a password or 
passphrase. 

. The method tether includes the step in whtch the method is by means of an electronic key or 
other electronic identification device. 



,00511 With the disclosed system, this provides for a method of storing, cataloging, viewtng, playback 
and pnnting of images, video, audio and photographs change as we.,. Instead of relying on photo 
finishers anyone with an inexpensive printer can reproduce images, anyone withaCDreader/wntercan 
reproduce audio, and anyone with a DVD player/recorder can reproduce both images and andto. 

(0052] Additionally, instead of a fireproof safe, image, video, audio and photograph storage involves 
digital media. And, instead of couriers and the mail, transmttttng images, video, audio and photographs 
from one place to another is likely to involve the Internet. 
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,0053) This new world of opportunities has its problems as well. Once images, video, audto and 
photographs are in the digital domain, there are opportunities ,o modify these so ,ha, i. no longer 
representstheeventsthataerually occurred. Digital cameras or other digital recorders a„he.ime of tins 
submission, typically include a clock of dubious accuracy that can, in any event.hese, backer forward 
,0 make i. seem as though an even, occurred at a time other ton to acuta, time of to event. And to 
metadaua-totime.date.andlocationoftoimages.video.audioandphorogmphs-isnots.oredusmg 

any secure method. Anyone knowledgeable in to field can modify to metadata to make to .mages 
video audio and photographs appea, to. i. was <ake„ a, a time and place other than to real time and 



place. 



,0054, Another problem solved with to system of to present disclosure is that of storage. For many 
users (photographers, musicians, forensic, video / audio personnel, governmental, mifitaty personnel, 
public service, professional and non professional personnel and others) to value of to images, vrdeo, 
audio and photographs taken far exceeds, he value of to equipment used, orake torn. For these users, 
i, is important to, to images, video, audio and photographs tomselves be transported to a secure 
loca «on a. to earliest possible opportunity. Digital recording devices (i.e. digUal cameras and other 
di g iUnrecordi„gdevices)re. y onmemorycardsto,c„n te innon-vo.ati,es„,id-s,a,ememo^to,,wh^ 

robns, for a solid-srare device, is easily damaged by mechanical shock or static electricity. Unlrke film 
in which a defec, may only cause a minor blemish in to image, a single defec. in the memoty card of 
a digital recording device may be enough ,0 render all to information on to card useless. 

,0055] I, is noted to, to images, video, audio and photographs no, be disclosed ,o an unauthorized 
third party. While traditional analog film images, video and audio recordings can be physically locked 
i„,o a secure facility, digital images, audio, and video reside on computers. These computers canbe to 
subjects of network attacks and information on torn can be compromised in two way, Frts,, a 
knowledgeable opponent can read information from an intemet-connected computer - tot ts, an 
opponent can view images, video, audio and photographs he or she is nnantorized ,o view. Second, . 
knowledgeable opponen, can obtain write permission and modify to images, video, audto and 
photographs in a way that is difficult to detect. 
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[00561 Finally, the user is provided the ability to attach, mix, and modify media files easily and 
indelibly mark each image, video, audio, photograph or media file as his or her own work, to eliminate 
the possibility of plagiarism and to provide a certificate authority while wirelessly transmitting sad 
media files for secure storage or to another recipient or source. 

[00571 In the days of film cameras (analog), security usually meant placing the negatives into a photo 
safe. Prints made from the negatives could be marked with an identifier that clearly indicated the 
pedigree of the photograph. Those who would use the photograph without permission of the owner 
would be subject to a copyright infringement suit - and it would be sufficient evidence in court for the 
user to produce the negatives and testifies that, in fact, he or she took the photographs. 

[0058] With the advent of digital media and the proliferation of the Internet, images, video, audio, 
photographs and other forms of digital documents stored on digital computers are no longer secure. 
This invention addresses all of these concerns. It provides a mechanism for recording, attaching, mixing, 
appending to, modifying images, video, audio and photographs, marking the images, video, audio and 
photographs indelibly with a provable time, date, location and identity of the individual taking the 
images video, audio and photographs. It then provides a means to transport the images, video, audK> and 
photographstoasecure,off-sitestoragefacilityandtoobtainpositiveconfirmationthat^ 

occurred error-free. It provides a method for securely rendering the image, video, and audio and 
photograph useless to anyone but the original user. Finally, it provides the ability to demonstrate, with 
legal certainty, that the image, video, audio and photograph was taken at the location and at the tune 
indicated, and that the image or audio file has not been altered, as well as, tracks ongoing changes made 
by the originator or other user identities within the original file. 

[0059] Although the preferred embodiment has been described in detail, it should be understood that 
various changes, substitutions and alterations can be made therein without departing from the spirit and 
scope of the invention as defined by the appended claims. 



Atty. Dkt. No. MPOR-o26,492 



